  1. SonarSwift
  2. SONARSWIFT-454

Rule S2068: filter string literal that contains the wordlist item

    Details

    • Type: False-Positive
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 4.3
    • Component/s: Rules

      Description

      The implementation of this rule relies heavily on symbol names matching wordlist items to raise issues. The downside is that it raises many FPs when constants are used to avoid duplicated strings:

      let password = "Password" // Compliant
      let password = "custom.password" // Compliant
      password = "/users/resetUserPassword" // Compliant
      foo(password:"password") // Compliant
      
      var obj = MyClass()
      obj.fieldNameWithPasswordInIt = "password" // Compliant
      

      In most string-constant use cases, the wordlist item is present in both the symbol name and the string value.
      The new approach is to avoid raising an issue when the matched wordlist item is present in both the symbol name and the string literal value.

      An exception is made for the following use cases with query parameters, which are still true positives:

      let params = "user=admin&password=Password123" // Sensitive
      let connection = "pgsql:host=localhost port=5432 dbname=test user=postgres password=postgres" // Sensitive
      

      See false-positives on Peach https://peach.sonarsource.com/issues?tags=sonarswift-454
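
The decision logic described above, sketched in Python as an added example (not SonarSwift's implementation). The one-word list, the `is_sensitive` helper and the `word=value` regex are assumptions; the sample pairs are the cases from this description plus one constructed baseline.

```python
import re

# Assumption: a one-word list; the page only shows "password" being matched.
WORDLIST = ("password",)


def embedded_credential(word, literal):
    """True if the literal carries `word=<non-empty value>`, the shape of the
    page's query-string and connection-string true positives (assumed regex)."""
    pattern = re.escape(word) + r"\s*=\s*[^\s&;]+"
    return re.search(pattern, literal, re.IGNORECASE) is not None


def is_sensitive(symbol, literal):
    """Decide whether assigning `literal` to `symbol` should raise an issue."""
    for word in WORDLIST:
        if embedded_credential(word, literal):
            return True  # word=value inside the string: always reported
        in_symbol = word in symbol.lower()
        in_literal = word in literal.lower()
        if in_symbol and not in_literal:
            return True  # name suggests a secret, value is not just the word
    return False


# (symbol, literal) pairs from the issue description, plus one constructed
# baseline case (the last one) showing the rule still fires on a real secret.
SAMPLES = [
    ("password", "Password"),
    ("password", "custom.password"),
    ("password", "/users/resetUserPassword"),
    ("fieldNameWithPasswordInIt", "password"),
    ("params", "user=admin&password=Password123"),
    ("connection", "pgsql:host=localhost port=5432 dbname=test user=postgres password=postgres"),
    ("password", "Tr0ub4dor&3"),  # constructed
]


def classify(samples=SAMPLES):
    """Return one True (Sensitive) / False (Compliant) verdict per sample."""
    return [is_sensitive(symbol, literal) for symbol, literal in samples]


if __name__ == "__main__":
    for (symbol, literal), hit in zip(SAMPLES, classify()):
        print("Sensitive" if hit else "Compliant", symbol, repr(literal))
```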

              People

              • Assignee: Arseniy Zaostrovnykh (arseniy.zaostrovnykh)
              • Reporter: Pierre-Loup Tristant (pierre-loup.tristant)